Incident and event notification systems foster real time communication among key business stakeholders when an incident or event occurs. Aside from the primary purpose surrounding event notification, these systems also address a company’s compliance, regulatory or contractual obligations concerning event notification, data (breach) protection, ethics violations, investigations and information protection.
Secondarily to the event notification tool, a case management or incident tracking mechanism is required. Incident tracking tools are a centralized data repository used to record the details of the incident, track the ongoing investigation, results and event conclusion. This varies from pieces of paper to Excel spreadsheets to sophisticated multiuser databases in which the information from the case or event is stored, analyzed and recorded for future record.
Incident tracking tools are subject to the same rules of record retention as any other technology based system, document or paper file. Meaning, if your company’s records retention standard is seven years, you should retain the case/incident information contained in the database for the same period of time before purging the data at the end of the records retention period.
Like any building, controlling access to the database is imperative because it contains sensitive, private, proprietary, employment, human resources and legal information. Privacy concerns are paramount and the database should be controlled on a strict “need to know” basis. The two major considerations are: who should be granted access and what level of access should they have? Information can usually be compartmentalized, allowing individuals with access to view all or parts of the sections they need. Most systems also distinguish between read/write ability and can be secured appropriately.
The access “test” is the human resources test. Who in your company would you allow to view information contained in an employee’s human resources file? Those are the same individuals who are given complete access to the case and event database. Remember, not everyone who thinks they need access to the database should have it.
Business units must be able to articulate the need and have processes in place to ensure the confidentiality of the records. Access to the database should be given to select individual(s) from the fraud, investigations, security, compliance, audit, human resources and legal departments.
Aside from serving as a standards event repository, a centralized event database also provides authorized departments with a sophisticated analytic tool designed to perform fraud trending and annual reporting, while reviewing fraud patterns occurring throughout the cases, events and incidents inputted into the database.
New Case Management Player
Recently, I heard about a new player in the case management vertical, Scout. I’m always evaluating new technological tools for deployment in the corporate environment and am familiar with many case management systems: (i-Sight, PPM 2000, ISO. So, I decided to take a product demo and find out more about Scout’s platform.
Unlike many case management providers who sell their platform as pre-packaged enterprise software, Scout is a web-based, “software as a service” (SaaS) model, and there’s been significant movement from providers of enterprise software into the SaaS arena. This model also makes the product more competitive in the market than buying the equivalent enterprise software being sold elsewhere. Detractors from enterprise software usually include: hard costs, licensing fees, training costs and support costs in addition to being hosted, implemented, maintained and secured by your IT department on a dedicated server.
Many of the case management tools I’ve seen in the past have “hard coded” data input fields making it very difficult to make your company’s information fit into the categories and sub-categories they provide you. Hard coded data entry fields aren’t very fluid, kind of like trying to fit a square peg into a round hole.
However, I found Scout’s data entry feature to be user friendly, allowing customization of the data input fields so that the information and data you add in your case management system matches the priorities your company places on it. This is an important feature and vastly different from the hard coded, “take it or leave it” attitude many providers seem to have.
Flexibility is another significant feature for this tool as it provides secure and easy (permissions based) access points for approved customers, vendors, investigators, compliance, audit, legal, security and HR personnel where there’s a need.
One of the features I’d like to see Scout add is a functional, task-oriented time tracking tool for case management purposes as government agencies and corporations are being asked more often to produce loss estimates in court (civil and criminal). A significant piece of that, besides actual hard costs, is employees’ time. Apparently, that’s on the drawing board.
Overall, however, I was impressed with Scout’s functionality and the robust, streamlined and customizable nature of the product. This should make for a positive user experience, something that is paramount in effective corporate case management systems.
Putting It All Together
Case management and event notification tools are integral parts of the corporate compliance, audit, human resource, legal, investigations, ethics and security equation. I’ve previously written about the value of utilizing a holistic approach to the issues your company faces. These tools are often at the core of operational effectiveness and success in a holistically driven approach.
Once notified of an event, key senior management personnel can be given access to the case management tool to ensure that they have access to critical investigations and events that could have significant corporate impact or need to be reported to the audit committee, the CEO or the board in real time.
Whatever the case, whether you look at one of the new case management tools like Scout or any of the other players in the case management space, evaluate your case management and event notification tools to ensure that they are working properly for your business applications and needs. Even if they appear to be working correctly at the moment, continual evaluation and testing are always necessary in the ever-changing, global world of compliance, fraud and risk mitigation.